Searchable Public Key Encryption Research Articles

Public-Key Authenticated Encryption with Keyword Search Made Easy

Public-key searchable encryption allows keyword-associated tokens to be used to test if a ciphertext contains specific keywords. Due to the low entropies of keywords, the token holder can create ciphertexts from candidate keywords and test them using the token in hand to recover the keywords, known as inside keyword guessing attacks (IKGA). Public-key authenticated encryption with keyword search is a searchable encryption proposed to defend against such attacks. It ensures the sender's private key protects the ciphertexts from the IKGA. PAEKS schemes with reasonable security and practical efficiency remain elusive despite many proposals. This work provides a simple generic PAEKS scheme from non-interactive key exchange (NIKE) and symmetric-key equality-predicate encryption with three new constructions for the latter, respectively from pseudorandom functions (PRFs), the decision bilinear Diffie-Hellman assumption, and the learning-with-errors assumption. Instantiating our generic scheme, we derive several PAEKS schemes from the most well-known assumptions, with some of them achieving full cipher-keyword indistinguishability and full token indistinguishability in the standard model, for the first time. Our instantiated schemes allow practical implementations and outperform the existing PAEKS schemes under the same assumptions.

Data Secure De-Duplication in Cloud Environment

In the current area of information explosion, users’ demand for data storage is increasing, and data on the cloud has become the first choice of users and enterprises. Cloud storage facilitates users to backup and share data, effectively reducing users’ storage expenses. As the duplicate data of different users are stored multiple times, leading to a sudden decrease in storage utilization of cloud servers. Data stored in plaintext form can directly remove duplicate data, while cloud servers are semi-trusted and usually need to store data after encryption to protect user privacy. In this paper, we focus on how to achieve secure re-duplication and recover data in ciphertext for different users, and determine whether the indexes of public key searchable encryption and the matching relationship of trapdoor are equal in cipher text to achieve secure de-duplication. For the duplicate file, the data user’s re-encryption key about the file is appended to the ciphertext chain table of the stored copy. The cloud server uses the re-encryption key to generate the specified transformed ciphertext, and the data user decrypts the transformed ciphertext by its private key to recover the file. The proposed scheme is secure and efficient through security analysis and experimental simulation analysis.

Efficient public-key searchable encryption against inside keyword guessing attacks for cloud storage

Cloud storage offers data users relief from cumbersome management tasks and enhances overall efficiency. However, while it brings convenience, there is also the risk of privacy breaches. To address this, public-key encryption with keyword search (PEKE) presents a solution that balances efficiency, convenience, and security in the context of cloud storage. Nevertheless, PEKS is vulnerable to inside keyword guessing attacks and algorithm substitution attacks, posing a serious threat to its deployment. Cryptographic reverse firewall technique randomizes incoming messages to effectively defend against both types of attacks mentioned earlier through a gateway. However, this approach requires the gateway to store a random number for each keyword, increasing storage costs and potentially exposing keyword information. In response, we propose an improved scheme that inherits the remarkable properties of the method based on cryptographic reverse firewall. Additionally, the proposed scheme eliminates the need for gateways to store random numbers, reducing the management and storage burdens and supports multiple keywords for one document, a feature more aligned with real-world applications. Furthermore, we prove the security of the scheme, which achieves the same security goals as the existing scheme. Finally, we analyze the scheme s efficiency through theoretical analysis and performance evaluation, which demonstrates its efficiency.

IPO-PEKS: Effective Inner Product Outsourcing Public Key Searchable Encryption From Lattice in the IoT

IPO-PEKS: Effective Inner Product Outsourcing Public Key Searchable Encryption From Lattice in the IoT

PPT-LBS: Privacy-preserving top-k query scheme for outsourced data of location-based services

Location-based service (LBS) is enjoying a great popularity with the fast growth of mobile Internet. As the volume of data increases dramatically, an increasing number of location service providers (LSPs) are moving LBS data to cloud platforms for benefit of affordability and stability. However, while cloud server provides convenience and stability, it also leads to data security and user privacy leakage. Aiming at the problems of insufficient privacy protection and inefficient query in the existing LBS data outsourcing schemes, this paper presents a novel privacy-preserving top-k query for outsourcing situations. Firstly, to ensure data security of LSP and privacy of the user, the enhanced asymmetric scalar-product preserving encryption and public key searchable encryption have been adopted to encrypt outsourced data and LBS query, which can effectively lower the computational cost and realize the privacy protection search. Secondly, an efficient and secure index structure is constructed by using a coded quadtree and the bloom filter, so that the cloud server can quickly locate the user’s query region to improve retrieval efficiency. Finally, the formal security analysis is given under the random oracle model, and the performance is evaluated by experiments which demonstrates that our scheme is preferable to existing schemes.

Blockchain-assisted verifiable certificate-based searchable encryption against untrusted cloud server for Industrial Internet of Things

The Industrial Internet of Things (IIoT) has brought practical application value to many industries, where significant amounts of IIoT data and resources are outsourced to cloud server (CS) via diverse networks for data fusion, monitoring, sharing, and calculation analysis. Considering privacy, there is a need to execute the encryption operation on the data before outsourcing, while how to retrieve the encrypted data from CS becomes a thorny issue. Furthermore, the untrusted CS in charge of storing and searching the ciphertexts may return incorrect or incomplete search results for some interest. Verifiable public key searchable encryption (VPKSE) provides the ability to encrypt data, retrieve ciphertext, and verify search results simultaneously. However, the malicious behavior of CS has not been sufficiently considered in most existing schemes, that is, their verifiability only ensures the correctness of search results, neglecting completeness. In this paper, the verifiability of VPKSE is re-examined, and three verifiability levels are defined detailedly. On this basis, a blockchain-assisted verifiable certificated-based searchable encryption (BVCBSE) scheme for IIoT is put forward. The integration of blockchain and cryptographic accumulator ensures that an untrusted CS must return correct and complete search results, achieving the highest level of verifiability. In addition, security analysis demonstrates that BVCBSE can resist keyword guessing attack. Performance evaluation illustrates that BVCBSE is efficient and practical.

Blockchain-based public key encryption with keyword search for medical data sharing in cloud environment

The cloud-based sharing of electronic health data (EHDs) has great significance in researching diseases, doctors’ diagnoses and various fields. In this paper, we applied the potentiality of both blockchain and public key searchable encryption to build a medical data-sharing platform. In recent years, blockchain has emerged as a promising solution for medical data sharing with security and privacy preservation due to its immutability, decentralization, anonymity and verifiability advantages. Two kinds of blockchains, private blockchain and consortium blockchain, are used in our model. In our model, we have designed a consortium blockchain of preselected users. To achieve data security, access control, privacy preservation and secure search, public key encryption with keyword search (PEKS) technology is used here. According to the security proof, our proposed scheme is indistinguishable under the keyword guessing attack. The outcomes of the performance analysis and comparison simulations reveal that the proposed scheme performs better than other related schemes.

BASPED: Blockchain assisted searchable public key encryption over outsourced data

BASPED: Blockchain assisted searchable public key encryption over outsourced data

RLWE-based public key searchable encryption: securer, faster, and lower end-to-end delay for cloud computing

RLWE-based public key searchable encryption: securer, faster, and lower end-to-end delay for cloud computing

Fast Keyword Search over Encrypted Data with Ciphertext in Cloud

At present times , it's accessible for people to store their data on clouds. To secure the privacy, people tend to encode their data before uploading them to clouds. Due to the wide use of cloud services, public key searchable encryption is necessary for users to search the encrypted files efficiently and rightly. still, the being public key searchable encryption schemes supporting monotonic queries suffer from either infeasibility in keyword testing or inefficiency similar as heavy computing cost of testing, large size of ciphertext or lattice, and so on. In this work, we first propose a novel and effective anonymous key- policy attribute- based encryption( KP- ABE). also by applying Shen etal.’s general construction to the proposed anonymous KP- ABE, we capture an effective and suggestive public key searchable encryption, which to the best of our knowledge achieves the best performance in testing among the existing similar schemes

Scan-free verifiable public-key searchable encryption supporting efficient user updates in distributed systems

Searchable encryption (SE) is a promising technology that provides search functions while preserving information privacy. A small number of SE schemes can be applied to a distributed system. In such systems, multiple owners provide data that is encrypted by their secret keys to the system for retrieval by users. In this setup, however, users need to scan a searchable index for retrievals, which leads to linear search complexity. Moreover, updates of users (e.g., revoking an expired user from the system) generally incur substantial overhead to re-build the index. Accordingly, we propose a scan-free verifiable public-key searchable encryption scheme with an efficient user update function in a distributed system (i.e., in a multi-owner multi-user model). First, owners self-select secret keys to encrypt keywords. A master secret key is designed to support keyword searches among these keys. Additionally, a searchable index with an implicit relationship between the same keyword is proposed. There is no need to scan the index for keyword retrieval, which achieves sub-linear search complexity. It is also important that the updates of owners do not exert an influence on users and the other owners in our proposed scheme. As the key revocation mechanism, the master secret key is split into more partial secret keys that are distributed to users. Accordingly, the system only needs to re-split and re-distribute the key rather than re-building the index for updates of users. When making queries, not only are the content of queries and the master secret key concealed, but collusion between some users and the cloud server is resisted. The proposed scheme also supports an efficient result verification mechanism. The security and utility of our scheme were confirmed thru analysis and evaluation.

A Generic Construction of CCA-Secure Identity-Based Encryption with Equality Test against Insider Attacks

Identity-based encryption with equality test (IBEET) is a generalization of the traditional identity-based encryption (IBE) and public key searchable encryption, where trapdoors enable users to check whether two ciphertexts of distinct identities are encryptions of the same plaintext. By definition, IBEET cannot achieve indistinguishability security against insiders, i.e., users who have trapdoors. To address this issue, IBEET against insider attacks (IBEETIA) was later introduced as a dual primitive. While all users of IBEETIA are able to check whether two ciphertexts are encryptions of the same plaintext, only users who have tokens are able to encrypt plaintexts. Hence, IBEETIA is able to achieve indistinguishability security. On the other hand, the definition of IBEETIA weakens the notion of IBE due to its encryption inability. Nevertheless, known schemes of IBEETIA made use of rich algebraic structures such as bilinear groups and lattices. In this paper, we propose a generic construction of IBEETIA without resorting to rich algebraic structures. In particular, the only building blocks of the proposed construction are symmetric key encryption and pseudo-random permutations in the standard model. If a symmetric key encryption scheme satisfies CCA security, our proposed IBEETIA scheme also satisfies CCA security.

Data Secure De-Duplication and Recovery Based on Public Key Encryption With Keyword Search

In the current era of information explosion, users’ demand for data storage is increasing, and data on the cloud has become the first choice of users and enterprises. Cloud storage facilitates users to backup and share data, effectively reducing users’ storage expenses. As the duplicate data of different users are stored multiple times, leading to a sudden decrease in storage utilization of cloud servers. Data stored in plaintext form can directly remove duplicate data, while cloud servers are semi-trusted and usually need to store data after encryption to protect user privacy. In this paper, we focus on how to achieve secure de-duplication and recover data in ciphertext for different users, and determine whether the indexes of public key searchable encryption and the matching relationship of trapdoor are equal in ciphertext to achieve secure de-duplication. For the duplicate file, the data user’s re-encryption key about the file is appended to the ciphertext chain table of the stored copy. The cloud server uses the re-encryption key to generate the specified transformed ciphertext, and the data user decrypts the transformed ciphertext by its private key to recover the file. The proposed scheme is secure and efficient through security analysis and experimental simulation analysis.

Searchable Public-Key Encryption With Cryptographic Reverse Firewalls for Cloud Storage

In order to protect data privacy in cloud storage, sensitive data is encrypted before being uploaded to a cloud server. How to retrieve ciphertext safely and effectively has become a problem. Public key encryption with keyword search (PEKS) realizes the retrieval of ciphertexts in clouds without disclosing secret information. However, most PEKS protocols can not resist an keyword guessing attack (KGA) launched by untrusted cloud servers. Meanwhile, these protocols are unable to detect vulnerabilities, resulting in information leakage. In this paper, we design a searchable public-key encryption with cryptographic reverse firewalls (SPKE-CRF), and use the JPBC library to implement the protocol. Security analysis shows that the SPKE-CRF protocol can resist a chosen keyword attack (CKA), a KGA, and an algorithm substitution attack (ASA) without secure channels. Performance analysis shows that the SPKE-CRF protocol has a significant communication and computational cost advantage while being resistant to the KGA and ASA from malicious insider attackers in cloud environments. Therefore, our SPKE-CRF protocol is secure and efficient for cloud storage.

A Public Key Searchable Encryption Method Based on Multiple Keywords

In recent years, the secure search of encrypted cloud data has become a hot research topic and a challenging task. Several secure search schemes have been proposed to address this challenge. However, existing public-key searchable encryption schemes still face many problems. Among these schemes, most of them are based on single-key searchable encryption schemes, and although some schemes are designed for multi-key search, they still disclose the secret information of the encrypted index. Based on this, this paper proposes a multi-key public-key searchable encryption scheme without a secure channel, which uses a random element padding method to construct an encrypted index to ensure the security of the index information, and then improves the efficiency of the search by aggregating the query keyword information to generate query trapdoors. The simulation results of the algorithm show that the algorithm improves the query efficiency and query accuracy under the condition that the index and trapdoor are secure.

An enhanced heterogeneous public key searchable encryption scheme supporting multiple keywords

Searchable encryption (SE) technology allows users to use keywords to retrieve encrypted data and ensure that useful plaintext information about encrypted data will not be disclosed. For a secure SE scheme, if it is able to meet the multi-trapdoor privacy (MTP), the security will be improved compared with the traditional SE scheme. However, there are few searchable encryption schemes that can meet the requirements of MTP. In addition to the security of the SE scheme, we should also strive to improve its practicability. Nowadays, many existing SE schemes use a single keyword to generate the keyword ciphertext and trapdoor for retrieving ciphertext, which will greatly reduce the accuracy of the search result. Another phenomenon deserves our attention. In recent years, public key cryptosystems such as certificateless cryptography (CLC) and public key infrastructure (PKI) have been widely used. If a SE scheme satisfies heterogeneity means that both sides of communication parties do not need to restrict the use of the same cryptosystems, the practicability of this scheme will be improved. Therefore, we propose a heterogeneous SE scheme that provides MTP. The new scheme supports multi-keyword search and allows the sender and receiver to be worked in different cryptosystems. Furthermore, it would obviously be impractical to use the same cryptographic system parameters between heterogeneous systems, so the communication parties in our scheme operate in different cryptosystems with different cryptographic system parameters. With the use of the random oracle model (ROM), we demonstrate the security of the proposed scheme, and we show the excellent performance of the proposed scheme at the end of the article.

A Lightweight Blockchain-based Public-Key Authenticated Encryption with Multi-Keyword Search for Cloud Computing

Cloud computing can provide users with sufficient computing resources, storage, and bandwidth to meet their needs. Data security and privacy protection are among the new threats faced by users. Searchable encryption is the combination of search technology and encryption technology. Searchable encryption can upload the user’s data to the cloud server after special encryption, and can realize the function of retrieving according to keywords. Comparatively to symmetric searchable encryption (SSE), public key searchable encryption (PEKS) simplifies key management greatly. However, most existing public key authenticated encryption with keyword search (PAEKS) schemes are based bilinear pairing, making them computationally expensive. Apart from this, complex retrieval requirements and the integrity of the results had not been considered. To address these problems, we propose a blockchain-based PAEKS schemes supporting multi-keyword queries and integrity verification. In addition, we provide security proofs for the PAEKS scheme under the decisional oracle Diffie-Hellman (DODH) assumption. This scheme a scheme that requires less storage and computational power than other schemes of the same kind.

Fast keyword search over encrypted data with short ciphertext in clouds

Nowadays, it is convenient for people to store their data on clouds. To protect the privacy, people tend to encrypt their data before uploading them to clouds. Due to the widespread use of cloud services, public key searchable encryption is necessary for users to search the encrypted files efficiently and correctly. However, the existing public key searchable encryption schemes supporting monotonic queries suffer from either infeasibility in keyword testing or inefficiency such as heavy computing cost of testing, large size of ciphertext or trapdoor, and so on. In this work, we first propose a novel and efficient anonymous key-policy attribute-based encryption (KP-ABE). Then by applying Shen et al.’s generic construction to the proposed anonymous KP-ABE, we obtain an efficient and expressive public key searchable encryption, which to the best of our knowledge achieves the best performance in testing among the existing such schemes. Only 2 pairings are needed in testing. By applying our searchable encryption, one is able to expressively and efficiently search their encrypted data on clouds, without leaking the keyword information. Besides, we also implement our scheme and others with Python for comparing the performance. From the implementation results, our scheme owns the best performance on testing, and the size of ciphertexts and trapdoors are smaller than most of the existing schemes.

Toward Data Security in 6G Networks: A Public-Key Searchable Encryption Approach

With the advances of the fifth generation (5G) mobile communication technology, smart applications enhance the quality of daily life, the urban management by the government and the effective allocation of resources. Smart applications collect data through the Internet of Things, store massive data in the cloud server, and use cloud computing and deep learning to analyze the data, according to the data analysis results to guide human production and life. However, with the breakthrough of 6G technology, the amount of data applied is increasing, and the demand for privacy protection is becoming more prominent. Encrypting data using traditional cryptographic algorithms can solve the problem of privacy leakage, but it hampers the availability of the data. Searchable encryption is a special encryption structure with keyword search, which balances the availability and privacy of massive data. In this article, we analyze some typical security and privacy issues in 6G-based applications, discuss the solutions to these problems, and present a framework of 6G-based smart cities with searchable encryption, which provides a guarantee for the privacy and availability of smart city data (including ciphertext search, access control, etc.). We also propose a searchable encryption solution based on ciphertext-policy attribute-based encryption to solve the conflict between security and data availability of the smart cities as a specific scenario in order to demonstrate the contribution of cryptographic technologies such as public-key searchable encryption to the 6th generation mobile communication technology.

An improved secure designated server public key searchable encryption scheme with multi-ciphertext indistinguishability

In the cloud, users prefer to store their sensitive data in encrypted form. Searching keywords over encrypted data without loss of data confidentiality is an important issue. In 2004, Boneh et al. proposed the first public-key searchable encryption scheme which allows users to search by the private key. However, most existing public-key searchable encryption schemes are vulnerable to keyword guessing attack and can not satisfy multi-ciphertext indistinguishability. In this paper, we construct a secure designated server public-key searchable encryption based on Diffie-Hellman problem. Our security analysis shows that our proposed scheme can resist against keyword guessing attack and provide multi-ciphertext indistinguishability for any adversity. Furthermore, the proposed scheme can achieve multi-trapdoor privacy for external attackers. Moreover, the simulation results between our scheme and previous schemes demonstrate our new scheme is suitable for practical application.